I haven’t been posting much, so I’m not sure how long the perpetrators have had control of the site, but it came to my knowledge about a week ago when I posted a new article.
It appears that I was a victim of an .htaccess hack. Basically, the hackers had a script running somewhere in my site’s files that would rewrite the .htaccess files and would redirect any link to/on/from my site to a scam site that would inform visitors that they had a virus on their system. I noticed it when my automatic Twitter poster tweeted my latest post. When I clicked on the link in the tweet, it became clear that my site had be compromised.
The goal of these types of hacks is to make you believe that you indeed have a virus on your system and that your anti-virus system missed it. The offenders entice you to use their virus removal service for a price and assure you that your system is clean. The reality is, the only thing they clean out is your wallet–there is no virus on your system unless you count the hacker as a virus, which by definition, he is.
Thankfully, but frustratingly so, links to my site from Google would just reload Google’s main search page. I’m thankful that anyone who was trying to reach the site via search wasn’t subjected to the scam site–frustrated that they were equally frustrated with reloading a blank search.
I found a number of remedies on the web for rectifying the situation, but none of them actually worked. Ultimately, the only solution was to change all my administrative passwords for the site, the database, and FTP access. Then I backed up everything and erased the entire site and rebuilt it with a new WordPress install and database. I also locked down security on pretty much everything. I found the following article incredibly helpful: http://www.mastermindblogger.com/2011/14-ways-to-prevent-your-wordpress-blog-from-being-hacked/ (I’ve posted the full URL here because, ironically enough, this site has been hacked as well with a similar attack. The only way to actually get to the site is to copy the URL and paste it into your address bar…clicking on it will show you the result of the hack).
It is frustrating that there are individuals out there that do this kind of thing. My site doesn’t get a whole lot of visitors so I don’t think the traffic they redirected was very lucrative to them. It also got me thinking that if this problem was prolific enough, most site owners would just shut down, ultimately leaving the internet as a wasteland of con men.
Getting hacked blows, but I guess worse than that is knowing that there is very little recourse for justice. I blew an entire Saturday trying to get the site back up and running and things back to normal. Now I am ultra paranoid (which probably isn’t a bad thing) and being very careful with the security of my site.
So if you were a victim of this hack when you attempted to visit my site, I apologize, and please know that I am doing everything I can to prevent this from ever happening again.
If you are visiting this post because your WordPress site has been hacked, take a look at the link above. As I can gather more information about this type of attack, I will post it. Specifically, I’m investigating methods to secure the .htaccess file from being hacked again.